Group derivation

group derivation

Defines

PSA_KEY_DERIVATION_INPUT_SECRET

A secret input for key derivation.

This should be a key of type PSA_KEY_TYPE_DERIVE (passed to psa_key_derivation_input_key()) or the shared secret resulting from a key agreement (obtained via psa_key_derivation_key_agreement()).

The secret can also be a direct input (passed to key_derivation_input_bytes()). In this case, the derivation operation may not be used to derive keys: the operation will only allow psa_key_derivation_output_bytes(), psa_key_derivation_verify_bytes(), or psa_key_derivation_verify_key(), but not psa_key_derivation_output_key().

PSA_KEY_DERIVATION_INPUT_PASSWORD

A low-entropy secret input for password hashing / key stretching.

This is usually a key of type PSA_KEY_TYPE_PASSWORD (passed to psa_key_derivation_input_key()) or a direct input (passed to psa_key_derivation_input_bytes()) that is a password or passphrase. It can also be high-entropy secret such as a key of type PSA_KEY_TYPE_DERIVE or the shared secret resulting from a key agreement.

The secret can also be a direct input (passed to key_derivation_input_bytes()). In this case, the derivation operation may not be used to derive keys: the operation will only allow psa_key_derivation_output_bytes(), psa_key_derivation_verify_bytes(), or psa_key_derivation_verify_key(), but not psa_key_derivation_output_key().

PSA_KEY_DERIVATION_INPUT_OTHER_SECRET

A high-entropy additional secret input for key derivation.

This is typically the shared secret resulting from a key agreement obtained via psa_key_derivation_key_agreement(). It may alternatively be a key of type PSA_KEY_TYPE_DERIVE passed to psa_key_derivation_input_key(), or a direct input passed to psa_key_derivation_input_bytes().

PSA_KEY_DERIVATION_INPUT_LABEL

A label for key derivation.

This should be a direct input. It can also be a key of type PSA_KEY_TYPE_RAW_DATA.

PSA_KEY_DERIVATION_INPUT_SALT

A salt for key derivation.

This should be a direct input. It can also be a key of type PSA_KEY_TYPE_RAW_DATA or PSA_KEY_TYPE_PEPPER.

PSA_KEY_DERIVATION_INPUT_INFO

An information string for key derivation.

This should be a direct input. It can also be a key of type PSA_KEY_TYPE_RAW_DATA.

PSA_KEY_DERIVATION_INPUT_SEED

A seed for key derivation.

This should be a direct input. It can also be a key of type PSA_KEY_TYPE_RAW_DATA.

PSA_KEY_DERIVATION_INPUT_COST

A cost parameter for password hashing / key stretching.

This must be a direct input, passed to psa_key_derivation_input_integer().

Typedefs

typedef uint16_t psa_key_derivation_step_t

Encoding of the step of a key derivation.

Values of this type are generally constructed by macros called PSA_KEY_DERIVATION_INPUT_xxx.

typedef struct psa_key_production_parameters_s psa_key_production_parameters_t

Custom parameters for key generation or key derivation.

This is a structure type with at least the following fields:

  • flags: an unsigned integer type. 0 for the default production parameters.

  • data: a flexible array of bytes.

The interpretation of this structure depend on the type of the created key.

  • PSA_KEY_TYPE_RSA_KEY_PAIR:

    • flags: must be 0.

    • data: the public exponent, in little-endian order. This must be an odd integer and must not be 1. Implementations must support 65537, should support 3 and may support other values. When not using a driver, Mbed TLS supports values up to INT_MAX. If this is empty or if the custom production parameters are omitted altogether, the default value 65537 is used.

  • Other key types: reserved for future use. flags must be 0.